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PRIVACY  SYSTEMS  FOR  TELECOMMUNICATION  NETWORKS 
Rein  Turn 

The  Rand  Corporation 
Santa  Monica,  California  90406 


There  is  an  increasing  need  for 
providing  privacy  and  security  in  tele- 
communication and  teleprocessing  net- 
works. This  paper  presents  a brief 
survey  of  privacy  systems  — the  techni- 
ques that  can  be  used  to  provide  com- 
munications security  in  commercial 
systems — and  then  examines  in  qualita- 
tive terms  the  protective  characteris- 
tics of  several  classes  of  privacy 
transformations  (encryption  techniques) 
The  emphasis  is  on  the  level  of  pro- 
tection that  can  be  expected  and  the 
effects  of  the  telecommunication  net- 
work characteristics  on  the  performance 
of  the  privacy  system,  and  vice  versa. 


INTRODUCTION  \ 

The  explosive  growth  of  computer 
technology  in  the  last  two  decades  has 
been  parallelled  by  similar  advances 
in  telecommunications.  Indeed,  the  two 
technologies  appear  to  be  on  the  path 
toward  merging  into  a single  tele- 
processing technology.  In  this  new 
technology  there  are  added  to  the 
traditional  man-to-man  communications 
also  man-to-machine  and  machine-to- 
machine  communications.  As  a result, 
the  widely  used  analog  communication 
systems  are  being  augmented  and 
gradually  replaced  by  digital  techniques 
and  systems.  The  latter  have  permitted 
introduction  of  new  concepts,  such  as 
packet  communications  and  store-and- 
forward  transmission  techniques.  New 
components  have  emerged,  such  as  digital 
switching  centers,  communications  pro- 
cessors, and  more  capable  communications 
terminals  [1,2] . 

The  innovations  in  the  telecom- 
munication system  design  and  operation 
provide  more  communications  capacity, 
efficiency,  quality,  and  economy.  This 
has  permitted  the  construction  of  large 
teleprocessing  systems  where  computers 
may  be  accessed  from  terminals  anywhere 


in  the  country.  The  National  Crime 
Information  Center  (NCIC) , various  re- 
servation systems,  management  informa- 
tion systems  of  many  large  corporations, 
and  teleprocessing  services  for  com- 
mercial subscribers  are  examples. 

Nearly  all  such  systems  communicate, 
process,  and  store  information  which  is 
considered  private  by  their  owners  and 
users,  or  which  must  be  safeguarded  from 
unauthorized  access  as  required  by  law. 

The  new  digital  telecommunications 
systems  are  not  changing  the  fact  that  in 
any  telecommunication  channel  the 
messages  are  not  under  the  direct  control 
of  the  sender  or  the  intended  receiver, 
and  that  they  can  be  overheard  or  inter- 
cepted by  anyone  who  has  the  appropriate 
equipment  and  knowhow  [3,4].  Therefore, 
if  the  content  of  a message  is  to  remain 
known  only  to  the  sender  and  the  re- 
ceiver, special  protective  techniques 
must  be  applied  by  the  communicators  or 
provided  by  the  telecommunication 
systems,  i.e.,  privacy  ayateme  must  be 
designed  and  implemented. 

In  addition  to  protecting  messages 
from  unauthorized  accidental  or  deliber- 
ate overhearing  or  interception,  there 
is  also  a need  to  protect  the  communica- 
tion system  against  active  infiltration — 
the  insertion  into  the  system  of  un- 
authorized messages.  The  purpose  of  the 
latter  may  be  to  request  the  information 
desired  by  the  intruder  (rather  than 
passively  monitor  the  communication 
lines  and  hope  that  the  desired  informa- 
tion will  appear) , to  insert  false  in- 
formation, or  to  disrupt  the  operation  of 
the  communication  network  or  the  systems 
that  it  serves.  For  example,  in  the 
telecommunications  links  serving  remote 
computer  terminals  or  computer  networks, 
there  exists  the  threat  that  illicit  ter- 
minals or  computers  may  be  connected  to 
the  network  for  the  purposes  of  "managing" 
the  normal  terminal-computer  communica- 
tions , masquerading  as  a legitimate  user, 
or  simply  making  the  system  unavailanle 
to  its  users  [5,6] . 


‘This  paper  was  prepared  for  presentation  at  the  1974 
IFEE  National  Telecommunications  Conference,  San  Diego, 
California,  December  2-4,  1974. 


This  paper  reviews  the  relevant 
characteristics  of  several  classes  of 
privacy  systems,  discusses  a set  of  suit- 
ability criteria  for  their  application 
in  teleprocessing  systems,  and  con- 
cludes with  a discussion  of  their  imple- 
mentation and  operation  considerations. 

PRIVACY  SYSTEMS 

A need  for  maintaining  confiden- 
tiality of  communications  has  existed 
from  the  days  of  antiquity  and,  indeed, 
the  ancient  Greeks  and  Romans  deserve  a 
great  deal  of  credit  for  furthering  the 
art  of  secret  writing--cryptography 
[7,8],  With  the  invention  of  telegraph, 
telephone  and  radio  there  also  arose  a 
need  to  provide  privacy  protection  to 
electrically  and  electronically  trans- 
mitted messages. 

Shannon  [9]  distinguishes  three 
types  of  protective  systems: 

o Concealment  systems  which 

attempt  to  hide  the  very  exist- 
ence of  a message  (e.g.,  use  of 
invisible  ink,  or  mixing  a 
message  with  unrelated  text  or 
dummy  messages); 

o Privacy  systems  which  require 
special  equipment  for  recover- 
ing the  message  (e.g.,  speech 
inversion  systems) ; 

o Secrecy  systems  where  the  exist- 
ence of  a message  is  not  hidden 
but  its  content  is  concealed  by 
a cipher  or  a code , and  where 
the  equipment  for  its  inter- 
ception is  assumed  to  be  avail- 
able for  the  would-be  intruders . 

In  the  following  only  the  last  two 
types  are  considered  and  they  are  col- 
lectively referred  to  as  privacy  systems. 
Although  a large  amount  of  telecommuni- 
cation traffic  consists  of  voice  com- 
munications where  messages  are  repre- 
sented by  time-varying  analog  signals, 
privacy  systems  have  been  developed  al- 
most exclusively  for  sequences  of  dis- 
crete symbols — characters  of  the  message 
alphabet,  and  their  representations  in 
telecommunication  systems.  Thus,  they 
are  especially  suitable  for  protecting 
digital  data  or  digitized  voice  communi- 
cations . 

A privacy  system  operates  as 
follows:  The  sender  composes  a message 
M,  using  the  vocabulary,  syntax,  grammar, 
and  alphabet  A,  of  a natural  or  artifi- 
cial language  L.  He  then  applies  a 
transformation  T(X)  which  changes  (en- 
crypts, enciphers)  the  message  M (the 


cleartext)  into  a transformed  form  E 
(the  ciphertext  or  cryptogram).  The 
ciphertext  E is  then  transmitted  to  the 
receiver  over  the  communication  channel. 
The  transformation  T(K)  is  chosen  from 
a large  set  of  all  such  transformations 
by  specifying  the  value  of  K,  the  key  of 
the  transformation.  The  key  is  also 
transmitted  to  the  intended  receiver 
using  a secure  and  uninterceptable  chan- 
nel. The  receiver  applies  to  E the  in- 
verse transformation  T(K)-1  and  recovers 
(decrypts,  deciphers)  the  original 
message  M.  The  degree  of  protection  pro- 
vided by  such  a privacy  system  depends  on 
the  type  of  transformations  used,  the 
ability  of  the  transformations  to  obscure 
the  characteristics  of  the  language  L, 
and  the  number  keys  that  can  be  used. 

In  voice  communication  links  that 
use  analog  signal  transmission  the  trans- 
formation T (K)  may  be  one  of  the  follow- 
ing: (1)  a simple  frequency  inversion  of 
the  voice  signal,  (2)  alternating  inver- 
sion under  the  control  of  a pseudo-random 
sequence,  (3)  spectrum  shifting,  or  (4) 
band  splitting  [10].  These  techniques 
provide  varying  degrees  of  privacy  by  dis- 
torting and  scrambling  the  voice  signal. 
Transmission  of  voice  in  digital  form 
permits  the  treatment  of  voice  signals  as 
sequences  of  discrete  symbols  and,  thus, 
allows  application  of  the  privacy  trans- 
formations as  discussed  in  the  following 
sections  of  this  paper.  The  digitization 
process  itself,  such  as  in  the  case  of 
vocoders  [11] , provides  a degree  of  pri- 
vacy against  accidental  overhearing,  but 
not  against  determined  intruders  who  have 
the  appropriate  equipment  available. 

The  future  telecommunication  systems 
will  be  all-digital  and  will  permit 
simultaneous  transmission  of  data  and 
digitized  voice.  Therefore  the  rest  of 
this  examination  of  privacy  systems  deals 
with  telecommunication  networks  where  the 
messages  are  composed  of  discrete  symbols 
and  signals. 

PRIVACY  TRANSFORMATIONS 

Numerous  types  of  privacy  transfor- 
mations have  been  proposed  and  used  in 
privacy  systems  [12,13].  Basically,  all 
transformations  perform  substitution 
operations  on  the  message  M.  That  is,  a 
segment  m of  one  or  more  symbols  of  the 
message  M is  replaced  by  a set,  e,  of 
symbols  to  form  E,  the  ciphertext  corre- 
sponding to  M.  The  segment  e need  not 
contain  the  same  number  of  symbols  as  the 
segment  m.  and  the  symbols  used  in  e may 
be  different  from  those  in  m (i.e.,  the 
ciphertext  alphabet  or  alphabets  may  be 
different  from  the  message  alphabet  A) . 
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The  basic  differences  between  var- 
ious types  of  privacy  transformations  are 
in  the  number  of  symbols  in  m,  the  number 
of  symbols  in  e,  and  the  functional  re- 
lationship between  the  segments  e and  m. 
Thus , 

o Monographic  auhatitutiona . In 
this  class  one  symbol  of  M is 
operated  on  at  a time  (m=l)  and 
is  replaced  with  one  or  more 
symbols  (e>_l) . 


alphabetic  substitutions)  or  from 
several  cyclically  used  substitution 
tables  (as  in  polyalphabetic  substi- 
tutions). Another  important  class 
of  transformations  in  this  family  are: 

o Tranapoaitiona  where  the 
segments  m of  the  message  M 
are  operated  upon  b>  permut- 
ing the  symbols  within  each 
segment  according  to  some  rule 
specified  by  the  key. 


O Polygraphic  auhatitutiona.  Two 
or  more  symbols  of  M are  oper- 
ated at  a time  and  replaced  by  a 
similar  or  larger  group  of  symbols 
(m>2,  e>_2)  . 

Both  families  contain  several  classes 
of  transformations.  The  principal  mono- 
graphic substitutions  are: 

o Monoalphabetic  substitutions 

where  corresponding  to  each  sym- 
bol, a^  , of  the  message  alphabet 

A there  is  a fixed  symbol,  b j , of 

the  ciphertext  alphabet  B. 

Usually  B is  a permutation  of  A. 

One  very  simple  transformation, 
the  Caesar  cipher,  is  obtained 
when  B is  a cyclic  permutation 
of  A. 

o Polyalphabetic  substitutions  use 
n ciphertext  alphabets ,B^, ... ,Bn, 

to  replace  symbols  of  the  message 
alphabet  A.  The  alphabets  are 
used  cyclically  with  a period  n. 
Usually  the  alphabets  B..  are  per- 
mutations of  A,  and  not  all  B ^ 

need  to  be  distinct.  The  key 
specifies  the  number  of  alphabets 
used  and  their  sequence.  A 
special  case  is  the  Vernam  cipher 
where  the  number  of  alphabets  used, 
n,  is  longer  than  the  number  of 
symbols  in  the  message. 

o Homomorphic  substitutions  [14] 
where  the  transformation  is  mono- 
alphabetic  for  some  symbols  of  the 
message  alphabet  A and  polyalpha- 
betic (with  different  periods)  for 
other  symbols  of  A.  The  choice  is 
usually  associated  with  the  aver- 
age frequency  of  occurrences  of 
symbols  in  the  language  L that  is 
used — polyalphabetic  transforma- 
tions are  used  for  the  more  fre- 
quently occurring  symbols. 

Among  the  polygraphic  transformations 
are  substitutions  of  symbol  groups  of  the 
message  M with  other  symbol  groups  from 
a single  substitution  table  (as  in  mono- 


The  choice  of  a particular  class  of 
privacy  transformations  for  use  in  a 
given  telecommunication  network  depends 
on  the  level  of  protection  desired  and 
the  performance  requirements  of  the  net- 
work. For  higher  levels  of  protection, 
messages  may  be  transformed  several  times 
before  transmission  by  using  different 
types  of  transforms.  For  example,  one 
can  apply  block  trans forme  where  fixed, 
relatively  long  segments  of  the  message 
are  subjected  to  transpositions  and  sub- 
stitutions [15], 

Two  other  techniques  used  in  tele- 
communication systems,  coding  and  data 
compression,  can  also  provide  privacy 
protection.  Coding  is  a transformation 
where  an  entire  message,  sentence,  words 
or  syllables  of  the  language  L are  re- 
placed with  groups  of  characters  of  some 
other  (usually  artificial)  language [7, 16 ] . 
The  coding  transformation  and  its  inverse, 
the  decoding  transformation,  are  per- 
formed with  the  help  of  a codebook  that 
establishes  the  correspondences  between 
the  expressions  in  languages  L and  L' . 

A high  level  of  protection  can  be  pro- 
vided. In  addition,  coding  also  provides 
a great  deal  of  message  compression. 
Indeed,  this  was  the  original  objective 
in  introducing  coding  systems. 

Other  meaeage  compreeaion  techniques 
are  based  on  removing  redundancy  in  the 
natural  language  or  in  data  to  be  trans- 
mitted in  order  to  reduce  transmission 
time  or  bandwith  requirements  [17,18]. 

The  transformations  used  on  natural  lan- 
guage messages  involve  elements  of  coding 
and  removal  of  characters  of  the  original 
text  in  such  a way  that  the  original  can 
be  restored  by  using  the  context  of  the 
message.  In  data,  consecutive  occurrences 
of  the  same  symbol  (e.g.,  0 or  blank)  can 
be  replaced  by  an  expression  that  speci- 
fies the  symbol  and  the  number  of  times 
of  its  consecutive  occurrences  in  the 
original  message.  Privacy  protection  is 
not  the  main  purpose  of  compression  but 
a certain  low  level  of  protection  will  be 
provided  by  the  distortions  introduced  by 
the  compression  algorithms. 
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SUXTABILITY  CRITERIA 

The  suitability  of  a class  of  privacy 
transformations  in  a given  telecommunica- 
tion system  application  depends  on  the 
amount  of  protection  desired,  the  effects 
of  the  transformations  on  the  communica- 
tion system's  performance  and  character- 
istics, and  the  cost  of  implementing  and 
operating  the  privacy  system.  Over 
ninety  years  ago,  Auguste  Kerckhoffs 
[19]  formulated  a set  of  criteria  that 
should  be  satisfied  by  any  privacy 
system  that  may  be  summarized  as  follows: 
(1)  The  privacy  system  used  should  be,  if 
not  theoretically  unbreakable,  unbreak- 
able in  practice;  (2)  A knowledge  by  the 
"enemy"  of  the  privacy  system's  hardware 
and  techniques  must  be  assumed,  but  this 
knowledge  should  not  compromise  the 
level  of  protection  provided.  That  is, 
the  key  of  the  transformation  should  be 
able  to  provide  all  of  the  protection; 

(3)  The  key  should  be  remembered  with- 
out notes  and  should  be  easily  change- 
able. The  transformations  should  be 
easy  to  apply,  neither  requiring  the 
knowledge  of  a long  list  of  rules  nor 
involving  mental  strain. 

The  last  requirements  reflect  the 
manual  application  of  privacy  trans- 
formations in  Kerckhoffs'  days.  In 
modern  telecommunication  systems,  there 
should  be  no  need  for  a user  to  know 
the  key  nor  personally  apply  the  trans- 
formations— advances  in  microelectronics 
technology  allow  equipping  communica- 
tions terminals  with  sufficient  pro- 
cessing capability  to  apply  very  com- 
plex transformations  [20]. 

Amount  of  Security 


A necessary  but  not  sufficient  pre- 
requisite for  an  effective  privacy 
system  is  a large  key  space — a very 
large  number  of  possible  keys  such  as  to 
make  impractical  any  trial  and  error 
search  for  the  key.  With  the  exception 
of  the  Caesar  cipher,  all  classes  of 
transformations  discussed  above  have  the 
potential  for  satisfying  this  require- 
ment. The  size  of  the  key  space  for  the 
Caesar  ciphers,  however,  is  one  less 
than  the  number  of  symbols  in  the  message 
alphabet  A (e.g.,  25  for  the  26-charac- 
ter English  alphabet) . 

The  classical  approach  to  breaking 
privacy  systems  is  based  on  the  statis- 
tics of  the  message  languaqe  L and  on 
some  knowledge  of  the  probable  content 
of  the  messages  [21,22].  The  principal 
statistics  used  are  (1)  the  average 
frequencies  of  individual  symbols  of  the 
alphabet  A,  (2)  digram  and  k-gram  fre- 
quencies, (3)  word  frequencies, 


(4)  character  patterns  in  words,  and  (5) 
the  grammatical  and  syntactic  rules.  A 
knowledge  of  the  context  of  the  messages 
allows  postulating  probable  words,  expres- 
sions and  formats  used.  For  natural  lan- 
guages these  statistics  are  well  estab- 
lished and  can  be  quite  revealing.  For 
artificial  languages  and  numerical  data, 
however,  statistics  are  more  dependent 
on  the  context  and  hence,  less  predict- 
able. In  these  cases  information  on  the 
syntactic  structures  and  formats  may  be 
more  useful. 

Given  the  language  statistics  and 
sufficient  amount  of  ciphertext,  mono- 
alphabetic  substitutions  are  solved 
easily  since  they  leave  all  language 
statistics  invariant — they  only  change 
the  alphabets  used.  Polyalphabetic 
transformations  will  change  all  language 
statistics,  but  not  the  syntactic  struc- 
ture. However,  if  the  number  of  alpha- 
bets (the  key  period) , is  known  and  a 
string  of  53n  characters  of  ciphertext 
is  available  (for  English)  tne  system  can 
be  analyzed  as  if  it  were  n monoalpha- 
betic  substitutions  [9].  In  the  case  of 
Vernam  cipher  where  n is  larger  than  the 
message  length  and  a key  is  never  used 
more  than  once,  the  privacy  system  is 
theoretically  and  practically  unbreakable. 

A transposition  transformation  over 
k characters  leaves  the  character  fre- 
quencies intact  but  distorts  the  higher 
order  language  statistics  and  the  syn- 
tactic structure.  Although  techniaues 
for  breaking  transposition  transforma- 
tions have  been  developed,  much  more 
effort  is  required  than  for  substitution 
transformations.  At  least  1.7  logk! 
ciphertext  characters  must  be  avail- 
able [9]. 

Large  volumes  of  message  traffic  in 
a communication  network  may  lead  to 
practices  which  can  significantly  augment 
the  classical  cryptanalytic  approaches 
and  reduce  the  effectiveness  of  the 
privacy  system.  Examples  of  information 
that  helps  cryptanalysis  include  (1)  A 
number  of  different  messages  are  known  to 
be  transformed  using  the  same  key — these 
can  be  used  for  simultaneous  solution  for 
the  key  and  checking  of  the  trial  solu- 
tions; (2)  Fragments  of  the  message,  or 
paraphrased  versions  of  the  message  are 
published  after  its  transmission  in 
ciphertext  form.  These  are  very  useful 
for  generating  trial  solutions.  (3)  The 
key  selection  practices  of  the  privacy 
system  may  be  known.  For  example,  if  the 
keys  are  short  they  may  be  selected  to  be 
words  in  a natural  language  or  names , 
rather  than  totally  random  character 
groups;  (4)  Fragments  of  the  key  itself 
may  be  available  or  can  be  deduced  from  a 
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knowledge  of  the  message  composition  and 
formatting  practices. 

Given  this  information,  techniques  can 
be  devised  for  breaking  any  privacy  system. 
Tuckerman  [231  has  shown  that  if  a fragment 
of  the  message  longer  than  the  key  period 
is  available  (even  though  its  location  in 
the  ciphertext  is  unknown)  the  key  can  be 
readily  determined  by  algebraic  and  heuris- 
tic techniques.  Further,  if  the  key  of  a 
polyalphabetic  substitution  is  produced  by 
a pseudorandom  process  (e.g.,  n-stage  feed- 
back shift  register)  and  applied  as  bit- 
by-bit  addition  of  the  key  to  the  message 
[24],  a message  fragment  of  only  2n  bits 
is  sufficient  for  breaking  the  key  [25]. 
However,  if  complex  sequences  of  transpo- 
sitions and  substitutions  are  applied  [9, 
15,20]  the  system  may  be  able  to  withstand 
cryptanalysis  for  very  long  periods  of  time 
even  though  message  fragments  are  avail- 
able. if  this  time  is  longer  than  the  time 
for  the  messages  to  lose  their  value,  an 
effective  privacy  system  has  been  achieved. 

Performance 

Also  important  in  the  design  of  privacy 
systems  are  the  effects  of  communication 
channel  errors  on  the  privacy  system,  and 
the  effects  of  the  privacy  system  on  the 
communication  network  performance.  Trans- 
formations that  use  previously  generated 
ciphertext  as  the  key  (e.g.,  the  "auto-key" 
systems  [7]  and  certain  block  ciphers) 
tend  to  amplify  the  effects  of  channel  er- 
rors in  the  decryption  process.  As  a re- 
sult, the  original  message  may  be  unrecov- 
erable and  must  be  retransmitted.  If  errors 
persist,  the  frustrated  communicators  may 
decide  to  transmit  the  message  in  the  clear 
and,  thus,  provide  valuable  material  for 
breaking  the  key.  Indeed,  quite  a few  mili- 
tary cryptographic  systems  have  been  broken 
in  this  fashion. 

One  answer  to  the  channel  error  problem 
is  the  use  of  errorcorrecting  codes  super- 
imposed on  the  ciphertext.  However,  the 
simple  substitution  and  transposition  trans- 
formations operate  on  each  character  inde- 
pendently and  do  not  amplify  errors. 

The  effects  of  privacy  transformations 
on  the  length  of  the  message  and  on  the  mes- 
sage transmission  time  are  other  items  of 
concern — they  affect  the  bandwidth  re- 
quired. The  message  length  is  increased  in 
privacy  systems  where  polygraphic  substi- 
tutions are  made  or  where  the  ciphertext 
alphabets  are  considerably  longer  than  the 
message  alphabet  (i.e.,  more  bits  are  re- 
quired to  represent  a character).'  Complex 
block  transformations  may  also  increase  the 
ciphertext  length  and  encryption  time. 


IMPLEMENTATION 

Two  basic  privacy  system  structures  can 
be  used  in  communication  systems:  end-to- 
end  encryption,  and  link-by-link  encryption 
[26].  In  the  first  structure,  all  sender- 
receiver  pairs  use  agreed-upon  keys  and  per- 
form the  transformations  at  their  own  ter- 
minals. In  large  networks  with  many  sub- 
scribers, end-to-end  systems  pose  cumbersome 
problems  with  the  keys: For  high  security, 
each  pair  of  communicators  should  use  differ- 
ent keys  and  the  keys  should  be  changed 
often  (on-time  keys  would  be  ideal).  The 
distribution  and  storage  of  large  number  of 
keys  can  seriously  affect  the  effectiveness 
of  the  privacy  system. 

A link-by-link  encryption  system  can 
be  implemented  in  packet  switching  commu- 
nication networks  or  in  those  that  use 
other  store-and-forward  message  transmis- 
sion and  routing  techniques.  Such  networks 
consist  of  switching  nodes  and  node-to- 
node  transmission  channels.  A different 
privacy  transformation  can  be  applied  to 
each  link.  A user  needs  to  handle  only 
one  key — the  key  used  in  the  link  between 
his  terminal  and  the  node  that  serves  the 
terminal.  One  disadvantage  is  the  need  to 
decrypt  and  re-encrypt  the  messages  at  each 
node.  In  order  to  avoid  storage  of  the 
messages  being  routed  in  the  clear,  the 
communications  processor  at  a node  should 
immediately  apply  its  own  internal  trans- 
formation . 

In  order  for  a privacy  system  at  a 
terminal  to  match  the  performance  recuire- 
ments  of  modern  communications,  it  is  neces- 
sary to  apply  the  privacy  transformations 
automatically  by  using  special  devices. 

The  earliest  "cipher  machines"  used  by  the 
governments  were  electromechanical  units 
equipped  with  randomly  wired  rotcrs  that 
implemented  polyalphabetic  substitutions 
with  extremely  long  key  periods  [7].  The 
presently  available  commercial  devices  are 
usually  based  on  feedback  shift- register 
key  stream  generators  whose  vulnerability 
problems  were  mentioned  previously.  An 
important  requirement  for  their  use  is  the 
aynohronization  of  the  key  generators  at 
the  transmitter  and  at  the  receiving  ter- 
minal. If  synchronization  is  lost,  the  mes- 
sage cannot  be  recovered  and  must  be  re- 
transmitted. 

Transpositions  and  block  ciphers  re- 
quire more  complicated  hardware  for  storing 
the  message  segment  being  encrypted  and 
applying  the  transformation  rules.  However, 
modern  microcircuit  technology  permits  the 
construction  of  small  circuit  packages  that 
can  hold  a large  amount  of  memory  and  logic 
circuits.  For  example,  the  IBM's  cipher- 
ing device  "Lucifer"  [20]  is  estimated  to 
require  only  four  large  scale  integrated 
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(LSI)  circuit  chips  for  applying  a block 
cipher  to  128-bit  message  segments.  No 
synchronization  is  needed. 


9.  C.  E.  Shannon,  "Communications  Theory 
of  Secrecy  Systems,"  BSTJ , 1949, 
pp.  656-715. 


Finally,  communication  networks  use  10‘ 

various  signals  for  network  control  pur- 
poses. Application  of  privacy  transforma- 
tions to  messages  is  likely  to  produce  in-  n. 
advertent  control  characters  in  the  cipher- 
text.  It  is  necessary,  therefore,  to  make 
provisions  in  the  network  control  circuits  12* 
for  distinguishing  bona  fide  control  sig- 
nals from  those  in  the  ciphertext.  The 
other  alternative — suppression  of  control  13. 

characters  in  the  ciphertext — seems  more 
difficult  to  implement. 

14  • 

CONCLUDING  REMARKS 


The  need  for  security  in  telecommunica-  15. 
tion  networks  is  increasing.  Privacy  trans- 
formations can  provide  protection  against 
many  threats:  misrouting  of  messages, 
wiretapping,  active  entry  through  illicit 
terminals,  and  disruption  of  operations  by 
illicit  messages.  Several  classes  of  pri- 
vacy  transformations  are  available,  but 
they  are  not  equally  effective.  In  parti- 
cular, a large  number  of  available  keys  17. 

does  not  mean  a high  degree  of  protection. 

Recent  advances  in  the  manufacture  of  „ 

LSI  circuits  will  permit  economic  implemen-  18’ 
tation  of  privacy  systems  that  use  very 
complex  block  transformations  and  can  pro- 
vide any  desired  level  of  protection  with-  19. 
out  penalizing  the  performance  of  the 
associated  telecommunication  network. 
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